Index: content/common/sandbox_mac_system_access_unittest.mm |
=================================================================== |
--- content/common/sandbox_mac_system_access_unittest.mm (revision 204987) |
+++ content/common/sandbox_mac_system_access_unittest.mm (working copy) |
@@ -9,6 +9,7 @@ |
#include "base/strings/sys_string_conversions.h" |
#include "content/common/sandbox_mac.h" |
#include "content/common/sandbox_mac_unittest_helper.h" |
+#include "crypto/nss_util.h" |
#include "testing/gtest/include/gtest/gtest.h" |
namespace content { |
@@ -120,4 +121,25 @@ |
EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL)); |
} |
+//--------------------- NSS Sandboxing ---------------------- |
+// Test case for checking sandboxing of NSS initialization. |
+class MacSandboxedNSSTestCase : public MacSandboxTestCase { |
+ public: |
+ virtual bool SandboxedTest() OVERRIDE; |
+}; |
+ |
+REGISTER_SANDBOX_TEST_CASE(MacSandboxedNSSTestCase); |
+ |
+bool MacSandboxedNSSTestCase::SandboxedTest() { |
+ // If NSS cannot read from /dev/urandom, NSS initialization will call abort(), |
+ // which will cause this test case to fail. |
+ crypto::ForceNSSNoDBInit(); |
+ crypto::EnsureNSSInit(); |
+ return true; |
+} |
+ |
+TEST_F(MacSandboxTest, NSSAccess) { |
+ EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedNSSTestCase", NULL)); |
+} |
+ |
} // namespace content |